Setting $\varepsilon$ is not the Issue in Differential Privacy
Edwige Cyffers
TL;DR
The paper argues that interpreting and setting the privacy budget $\varepsilon$ is not a fundamental flaw of differential privacy but a reflection of the broader challenge of quantifying privacy risk in context. It reviews DP's core advantages—robustness to post-processing, adaptive composition, interpretability in simple cases, links to hypothesis testing, and empirical auditing—and defends the practical usefulness of the privacy budget. It warns against Goodhart-like misuses of $\varepsilon$, showing how unfair accounting and relaxations (e.g., local DP in federated learning, label DP) can mislead and hinder adoption. It advocates embracing alternative viewpoints, including tighter definitions (RDP, GDP, f-DP) with conversions to $(\varepsilon,\delta)$-DP for comparability, and emphasizes adoption, auditing, and context-driven risk assessment over chasing a single numerical target.
Abstract
This position paper argues that setting the privacy budget in differential privacy should not be viewed as an important limitation of differential privacy compared to alternative methods for privacy-preserving machine learning. The so-called problem of interpreting the privacy budget is often presented as a major hindrance to the wider adoption of differential privacy in real-world deployments and is sometimes used to promote alternative mitigation techniques for data protection. We believe this misleads decision-makers into choosing unsafe methods. We argue that the difficulty in interpreting privacy budgets does not stem from the definition of differential privacy itself, but from the intrinsic difficulty of estimating privacy risks in context, a challenge that any rigorous method for privacy risk assessment face. Moreover, we claim that any sound method for estimating privacy risks should, given the current state of research, be expressible within the differential privacy framework or justify why it cannot.